| Adam Sampson on Sat, 20 May 2000 23:05:09 +0200 (CEST) | 
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| [Nettime-bold] Re: <nettime> Viruses on the Internet: Monoculture breeds parasites | 
On Sat, May 13, 2000 at 11:14:12PM +0100, Benjamin Geer wrote: > I agree for images, and in fact my mail client is set up to open an > image viewer for JPG attachments. This is because no harm can > possibly come from viewing a JPG. Unless your image viewer has a buffer overflow problem, say, while reading the JPEG comment string. Fortunately, there isn't much of a monoculture in image viewers or the systems they're running on (i.e. while a cracker could build a virus---and yes, this would be a virus, not a worm---that inserted itself into the JPEG comment field, it probably wouldn't spread very far). > Another possibility would be to use a different sort of security > mechanism, so that executable code could be identified as coming from > a trusted source, using a public encryption key. If you tried to run > a script that didn't have a trusted public key, you'd get a dialog box > saying 'Warning: This program is not known to be from a trusted > source. It could cause your computer to burst into flames. Are you > sure you want to run it?' What we really need is a combination of Perl's taint checking and the Linux kernel's capabilities: programs operating upon untrusted data (i.e. anything received in mail) can only display information to a restricted area of the screen... -- Adam Sampson azz@gnu.org _______________________________________________ Nettime-bold mailing list Nettime-bold@nettime.org http://www.nettime.org/cgi-bin/mailman/listinfo/nettime-bold